Reports in clario program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Account Takeover because of the mis-configuration on the Password Reset Page | $300.0 |
| 2 | XSS in https://mackeeper.com | $300.0 |
| 3 | XSS in https://affiliates.kromtech.com | $300.0 |
| 4 | RXSS on /landings/123.1/index.php (mackeeperapp.mackeeper.com) | $300.0 |
| 5 | No rate Limit on Licenses Activation | $300.0 |
| 6 | Google API key leaks and security misconfiguration leads Open Redirect Vulnerability | $300.0 |
| 7 | RXSS on thankyou.pixels.php (yapi.mackeeper.com) | $75.0 |
| 8 | Reflected XSS (mackeeperapp2.mackeeper.com) | $75.0 |
| 9 | RXSS on unsubscribe feature (affiliates.kromtech.com) | $75.0 |
| 10 | RXSS on landings/land/3/ron_clean_17_app3_alerts/index.php (mackeeperapp3.mackeeper.com) | $75.0 |
| 11 | Reflected XSS on stage.mackeeper.com | $60.0 |
| 12 | No rate limiting on password reset page | $50.0 |
| 13 | open redirect at https://account.mackeeper.com/auth/signin/continue via improper uri sanitization | $50.0 |
| 14 | Reflected xss on mackeeper.com | $50.0 |
| 15 | Reflected xss | $50.0 |
| 16 | Multiple Links Vulnerable to Reflected xss | $50.0 |
| 17 | CORS Misconfiguration, could lead to disclosure of sensitive information (translate.kromtech.com) | $50.0 |
| 18 | CRLF Injection - http://stage-static-cdn.mackeeper.com/ | $50.0 |
| 19 | CRLF Injection - http://stage.mackeeper.com/ | $50.0 |
| 20 | Open Redirect at https://store.mackeeper.com/767/cookie via redirectto parameter | $50.0 |
| 21 | Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/ | $50.0 |
| 22 | Account verification bypass on translate.kromtech.com | $0.0 |
| 23 | MK Site Cross-Site Scripting (XSS) in script context | $0.0 |
| 24 | Information disclosure of Internal php files on [mackeeper.com/blog/api/send-event] | $0.0 |
| 25 | IDOR at https://account.mackeeper.com/at/load-reports/profile/<profile_id> leaks information about devices/licenses | $0.0 |
| 26 | CSS Injection on static.mackeeper.com - Potential XSS | $0.0 |
| 27 | Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com | $0.0 |
| 28 | Unauthenticated Reflected Cross-Site Scripting on https://account.mackeeper.com/signin page | $0.0 |
| 29 | Reflected XSS | $0.0 |
| 30 | Lack of HTTPS in service communications | $0.0 |
| 31 | Open redirect on https://account.mackeeper.com | $0.0 |
| 32 | Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com | $0.0 |
| 33 | Affiliates - Session Fixation | $0.0 |
| 34 | Local Privilege escalation to root via XPC | $0.0 |
| 35 | rxss at https://mackeeper.com page not found via rid parameter | $0.0 |
| 36 | Social media link hijack of team member [Linkedin] at https://mackeeper.com/team/ | $0.0 |
| 37 | rXSS on https://mackeeperapp.mackeeper.com/landings/download-blue/ | $0.0 |